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AMENDMENT AND PRESENTATION OF CLAIMS 

Please replace all prior claims in the present application with the following claims. 



1 . (Currently Amended) A method comprising: 

causing, at least in part, reception of receiving a location information request at a first 
network element, which is connected to a cellular network, from a second network 
element, which is connected to a packet data network, the location information request 
relating to a mobile station associated with the cellular network; 

causing, at least in part, transmission of determining to transmit a request to a third network 
element, which is connected to the packet data network, the request requesting a security 
document relating to the second network element; 

initiating determining to initiate establishment of at least one security association that at least 
specifies data origin authentication and points from the second network element to the 
first network element, wherein the establishment at least involves use of information 
comprised in the security document; 



security association, a data origin of the location information request; and 
initiating determining to initiate , if the data origin of the location information request is 
authenticated successfully, a location procedure relating to the mobile station. 

2. (Original) A method according to claim 1, wherein the security document relating to 
the second network element is a public key certificate, which comprises an identifier specifying 
the second network element and a public key of the second network element and which is 
cryptographically signed by the third network element. 




- determining to authenticate , after successful establishment of the at least one 
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3. (Currently Amended) A method according to claim 1, further comprising: 
requesting determining to request , from the third network element, a second security 

document relating to the first network element. 

4. (Original) A method according to claim 3, wherein the security document comprises a 
first key, which is encrypted using a second key shared between the first network element and the 
third network element, and the second security document comprises the first key, which is 
encrypted using a third key shared between the second network element and the third network 
element. 

5. (Currently Amended) A method according to claim 3, further comprising: 

initiating determining to initiate establishment of a second security association that points 
from the first network element to the second network element using at least information 
comprised in the second security document. 

6. (Original) A method according to claim 5, wherein the security association is a set of 
Internet Security Associations pointing from the second network element to the first network 
element and the second security association is a second set of Internet Security Associations 
pointing from the first network element to the second network element. 

7. (Previously Presented) A method according to claim 5, wherein the second security 
association at least specifies data encryption. 
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8. (Original) A method according to claim 1, wherein the security association is a set of 
Internet Security Associations pointing from the second network element to the first network 
element. 

9. (Currently Amended) A method according to claim 1, further comprising: 

causing, at least in part, determining to generate the security document to be generated by the 
third network element, which is connected to the packet data network; 

initiating determining to initiate establishment of at least one other_security association using 
at least information comprised in the security document, the at least one other security 
association at least specifying data origin authentication and pointing from the second 
network element to the first network element; 

authenticating determining to authenticate, after successful establishment of the at least one 
other_security association, a_data origin of the location information request; and 

causing, at least in part, determining to implement a location procedure to be implemented , 
the location procedure relating to the mobile station. 

10. (Currently Amended) A method according to claim 9, further comprising: 

causing, at least in part, determining to transmit location information relating to the mobile 
station to be transmitted to the second network element. 

11. (Currently Amended) A method according to claim 10, wherein the location 
information relating to the mobile station is caused, at least in part, determined to be transmitted 
to the second network element from the first network element. 
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12. (Currently Amended) A method according to claim 1 1 , further comprising: 
causing, at least in part, determining to generate a second security document to be generated 

by the third network element, the second security document relating to the first network 
element; and 

initiating determining to initiate establishment of a second security association using at least 
the information specified in the second security document, the second security association 
at least specifying data encryption and pointing_from the first network element to the 
second network element. 

13. (Currently Amended) A method according to claim 10, further comprising: 
initiating determining to initiate , before causing, at least in part, determining to transmit the 

location information to be transmitted to the second network element, establishment of a 
third security association, which at least specifies data origin authentication and points 
from the second network element to a packet data device, wherein the packet data device 
is either connected to the mobile station or is an integral part of the mobile station. 

14. (Currently Amended) A method according to claim 10, wherein the location 
information relating to the mobile station is caused, at least in part, determined to be transmitted 
from a device, which is either connected to the mobile station or is an integral part of the mobile 
station. 

15. (Currently Amended) A method according to claim 14, further comprising: 
initiating determining to initiate , before causing, at least in part, determining to transmit the 

location information to be transmitted to the second network element, establishment of a 
5 



Attorney Docket No.: P3590US00 Patent 

third security association, which at least specifies data origin authentication and points 
from the second network element to a packet data device, wherein the packet data device 
is either connected to the mobile station or an integral part of the mobile station. 

16. (Currently Amended) A method according to claim 15, further comprising: 
initiating determining to initiate , before causing, at least in part, transmission of determining 

to transmit the location information, establishment of a fourth security association, which 
at least specifies data encryption and which points to the second network element from 
the packet data device. 

17. (Currently Amended) A method according to claim 14, further comprising: 
causing, at least in part, determining to receive via the mobile station to receive a notification 

relating to the location procedure associated with the mobile station, 
wherein the mobile station is configured to inform the packet data device about the 
notification. 

18. (Original) A method according to claim 1, wherein the first network element is a 
network element of a GPRS network. 

19. (Original) A method according to claim 18, wherein the first network element is a 
Gateway Mobile Location Center. 

20. (Original) A method according to claim 1, wherein the first network element is a 
network element of a UMTS network. 
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21. (Currently Amended) An apparatus comprising: 
at least one processor; and 

at least one memory including computer program code, the at least one memory and the 
computer program code being configured, with the at least one processor, to cause the 
apparatus at least to: 

receive, from a packet data network, a location information request relating to a mobile 
station, 

determine to initiate a location procedure in a cellular network, 

determine to initiate establishment of security associations pointing to the apparatus from a 

network element of a packet data network, 
determine to perform security functions specified by the security associations on data 

received from the packet data network, 
determine if there is an existing security association pointing to the apparatus from a sender 

of the location information request, and 
determine to initiate security association establishments, which are configured to establish 

security associations if security associations do not exist, wherein the security association 

establishments point to the apparatus from the sender of the location information request. 

22. (Currently Amended) An apparatus according to claim 21, wherein the apparatus is at 
least further caused to: 

receive, from a device reachable via the cellular network, a request about a particular security 
association, which points to the apparatus from a certain network element of the packet 
data network; 

determine whether the particular_security association exists; and 
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determine to transmit information about the particular security association to the device. 



23. (Currently Amended) An apparatus according to claim 21, wherein the apparatus is at 
least further caused to: 

receive a request to generate security documents relating to the device and to the sender of a 

the location information request; and 
causing, at least in part, determining to generate a first security document associated with the 

device and a second security document associated with the location information request 

to be generated . 

24. (Previously Presented) An apparatus according to claim 21, wherein the apparatus is a 
network element of a GPRS network. 

25. (Previously Presented) An apparatus according to claim 24, wherein the apparatus is a 
Gateway Mobile Location Center. 

26. (Previously Presented) An apparatus according to claim 21, wherein the apparatus is a 
network element of a UMTS network. 

27. (Currently Amended) An apparatus comprising: 
at least one processor; and 

at least one memory including computer program code, the at least one memory and the 
computer program code being configured, with the at least one processor, to cause the 
apparatus at least to: 
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receive, from a mobile station, information relating to a location information request and a 

sender of the location information request, and 
determine to exchange information about a security association with a network element 

connected to a cellular network, the security association pointing to the network element 

from the sender of the location information request. 

28. (Currently Amended) An apparatus according to claim 27, wherein the apparatus is at 
least further caused to: 

determine to establish a second security association, which points to the apparatus from the 
sender of the location information request and at least specifies data origin authentication. 

29. (Currently Amended) An apparatus according to claim 28, wherein the apparatus is at 
least further caused to: 

determine to request a network element of the cellular network to generate security 

documents relating to the apparatus and to the sender of the information request, 
wherein the security documents are utilized to establish the second security association. 

30. (Currently Amended) An apparatus according to claim 27, wherein the apparatus is at 
least further caused to: 

determine to transmit, to the mobile station, a permission to transmit location information to 

the sender of the location information request, 
wherein the permission is transmitted to the mobile station if the security association is 

established. 
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31. (Previously Presented) An apparatus according to claim 27, further comprising a 
receiver of a positioning system. 



32. (Previously Presented) An apparatus according to claim 31, wherein the receiver is a 
Global Positioning System receiver. 

33. (Canceled). 

34. (Canceled). 

35. (New) An apparatus comprising: 
at least one processor; and 

at least one memory including computer program code, the at least one memory and the 
computer program code being configured, with the at least one processor, to cause the 
apparatus at least to: 

receive a location information request at a first network element, which is connected 
to a cellular network, from a second network element, which is connected to a 
packet data network, the location information request relating to a mobile station 
associated with the cellular network; 

determine to transmit a request to a third network element, which is connected to the 
packet data network, the request requesting a security document relating to the 
second network element; 

determine to initiate establishment of at least one security association that at least 
specifies data origin authentication and points from the second network element to 
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the first network element, wherein the establishment at least involves use of 

information comprised in the security document; 
determine to authenticate, after successful establishment of the at least one security 

association, a data origin of the location information request; and 
determine to initiate, if the data origin of the location information request is 

authenticated successfully, a location procedure relating to the mobile station. 

36. (New) An apparatus according to claim 35, wherein the apparatus is further caused to: 
determine to generate the security document by the third network element, which is 

connected to the packet data network; 
determine to initiate establishment of at least one other security association using at least 

information comprised in the security document, the at least one other security 

association at least specifying data origin authentication and pointing from the second 

network element to the first network element; 
determine to authenticate, after successful establishment of the at least one other security 

association, a data origin of the location information request; and 
determine to implement a location procedure, the location procedure relating to the mobile 

station. 
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